McAfee-Partnered ‘Unhackable’ Wallet Bitfi Hacked

John McAfee’s official partner experienced a major breach when security researchers were able to gain root access to the device - less than one week after it was advertised as ‘unhackable’.

Sometimes it’s a good idea not to throw around words like ‘unhackable’ or ‘impenetrable’ or perhaps even ‘unsinkable’. Such is the case for Bitfi, which recently released its new wallet. In a Titanic-like moment, the product hit a bit of an iceberg when security research group OverSoftNL claimed it had obtained ‘root access’ to the device.

Speaking to Cointelegraph, the CEO of Bitfi Daniel Khesin said there was ‘no evidence’ their wallet had a vulnerability.

“As of now, we have no evidence that our device can be hacked and if someone succeeds in doing so then we will immediately put out a fix to all devices to address the vulnerability that was discovered and it will be unhackable once again.”

A $250,000 hacking bounty had been placed on the device to challenge hackers, researchers and apprehensive people alike. Then, on August 1st, Dutch-based firm OverSoftNL came forward on Twitter to claim they had breached the device.

“Short update without going into too much detail about BitFi:

We have root access, a patched firmware and can confirm the BitFi wallet still connects happily to the dashboard. There are NO checks in place to prevent that like claimed by BitFi.”

Dear friends, we're announcing second bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infosec community, we need help. Here are the bounty conditions: https://t.co/f00POuF1Ov Thank you, Daniel Khesin CEO

According to Oversoft, Bitfi never had any intention of paying even their first bounty - it’s ‘pure marketing’, said Oversoft, a charge that hurts Bitfi’s credibility even more. John McAfee himself has argued that the hack isn't applicable to the bounty as no money was stolen - even though Oversoft seemingly gained root access incredibly quickly and ran Bitfi’s software on non-Bitfi devices.

They deny anything that's not exactly according to their bounty rules, aka: they will never pay a bounty. It's pure marketing.

But by gaining root access you have complete, autonomous control over the device, meaning you can do whatever you want, from installing malicious software to even withdrawing money, so one would think this would fit McAfee’s definition of a ‘hack’.

What’s becoming an even larger rabbit hole for a device deemed ‘unhackable’ is Oversoft’s claim that you don’t even need the official device to run Bitfi’s software, saying that Bitfi could have literally just released it “on the Play Store as an app.”

So yeah: you don't need a BitFi device to run a BitFi wallet. I repeat: there's nothing in that device that is required for the BitFi app to function. There's NO secure element. They could've released it on the Play Store as an app.